Download Latest Version
4.33.3 source code.tar.gz (2.2 MB)
Get an email when there's a new version of Serverless Framework
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| 4.33.3 source code.tar.gz | 2026-04-02 | 2.2 MB | |
| 4.33.3 source code.zip | 2026-04-02 | 3.5 MB | |
| README.md | 2026-04-02 | 1.2 kB | |
| Totals: 3 Items | 5.7 MB | 0 | |
Bug Fixes
Serverless Framework
- Locked transitive dependencies in distributed packages to harden against supply chain attacks. Previously, the framework tarball and npm installer package shipped without a lockfile, allowing transitive dependencies to resolve fresh from the registry on each install. Both packages now include
npm-shrinkwrap.jsonfiles that pin the entire dependency tree to exact versions. (#13453, [#13458])
Maintenance
- Upgraded lodash to v4.18.1 with security fixes for prototype pollution via
_.unset/_.omit(GHSA-f23m-r3pf-42rh) and code injection via_.templateimports (GHSA-r5fr-rjxr-66jc, CVE-2026-4800) (#13469) - Upgraded simple-git to v3.33.0 with enhanced input sanitization for
git.clone/git.mirrorand strictergit -cchecks in the unsafe plugin (#13467) - Upgraded @modelcontextprotocol/sdk to v1.28.0 (#13474)
- Bumped the AWS SDK group with multiple updates (#13462, [#13463], [#13471], [#13473])
- Bumped the patch-updates group with 3 updates (#13464)
- Bumped github.com/fatih/color to v1.19.0 in the binary installer (#13459)
- Bumped actions/setup-go to v6.4.0 (#13460)
